Identity Theft
Identity theft is usually defined in terms of the impersonation of individuals for criminal purposes.
See for example the recent report on Identity Theft published by the US Federal Deposit Insurance Corporation (December 14th, 2004).
However, phishing typically starts with a criminal attempt to impersonate a financial institution. Thus organizations can also suffer identity theft. See Paul Brown's blog posting, The Identity Problem is Symmetric.
However, financial institutions deal with the problem in a highly asymmetric way. Banks and other financial services companies don’t appreciate the customer’s need for security - they think security is about protecting them from us! Asymmetric Trust fits into a more general theory I have about Asymmetric Demand.
UPDATE: Technorati Tags: asymmetry identity-theft
See for example the recent report on Identity Theft published by the US Federal Deposit Insurance Corporation (December 14th, 2004).
However, phishing typically starts with a criminal attempt to impersonate a financial institution. Thus organizations can also suffer identity theft. See Paul Brown's blog posting, The Identity Problem is Symmetric.
However, financial institutions deal with the problem in a highly asymmetric way. Banks and other financial services companies don’t appreciate the customer’s need for security - they think security is about protecting them from us! Asymmetric Trust fits into a more general theory I have about Asymmetric Demand.
I got so fed up with “courtesy calls” that asked me to identify myself before they would even tell me what they were trying to sell me, that I blogged about this last year.
Finance Industry View of Security. See also further material on Identity and Security.
UPDATE: Technorati Tags: asymmetry identity-theft
1 Comments:
very interesting post. nicely pulls some hops and fears together. who do we trust? good question. who should we not trust? well lexis-nexis, axciom, and choicepoint for starters. for me the biggest fears are not around identity endpoints - that's people--but the aggregators. you can imagine execs calling this a victimless crime, rather than fraud. victimless - not for the poor bastard that loses their credit rating its not. anyhow i am quite annoyed to see such an excellent blog. i am trying to whittle down my blogroll - not grow it!!!!
you are going on my personal list
Post a Comment
<< Home